The $393m fraud snaring SMEs

Sadly, fraud is part and parcel of our way of life and, as such, business operators need to be alert to the security risks associated with their payments processes.

Fraud – it is something that no business wants to deal with. Yet as official statistics demonstrate, it is something that, while rare, costs businesses dearly.

According to the Australian Payments Fraud Details and Data 2015 report, produced by the Australian Payments Clearing association (APCA), fraud accounted for just 0.02 per cent of all money spent via cards and cheques in 2014.

On its own, this figure looks virtually negligible. However, considering that this 0.02 per cent represents more than $393.1 million in fraudulent transactions, it is clear that the cost of fraud is significant.

Risks to payment security

“Payments industry data for 2014 show that fraud on Australian payment cards continues to increase in the card-not-present space, reflecting a global trend both in online card fraud and in cyber crime in general. Card fraud rates over the last year have grown from 46.6 to 58.8 cents for every $1,000 spent,” the report points out.

“The majority of this increase is due to the rise in card-not-present fraud, which on Australian cards has risen 42 per cent to $299.5 million, with two thirds of this ($200.6 million) occurring overseas.”

As the report stipulates, online shopping – and other methods of purchasing by credit or debit card where the card is not physically presented at the point of sale – has accounted for the bulk of the increase in payments fraud.

Just five years earlier, in 2009, the fraud rate on payment cards sat at 33.7 cents per $1,000 transacted – meaning it has risen nearly 75 per cent.

As the APCA points out, there is more than one method that fraudsters employ to illegitimately obtain goods. These include counterfeit cards and skimming fraud as well as lost or stolen cards.

Isn’t this only a problem for banks?

“It’s definitely really serious for online retailers, and something that they all need to be aware of,” explains Ryan Murtagh, the co-founder of e-commerce provider Neto, which caters specifically to SMEs and was acquired last year by Telstra.

Indeed, part of the problem may actually be that many smaller operators don’t accurately assess their exposure to payment security risks, believing that it only applies to banks and other related sectors dealing in large amounts of money.

“I think a lot of start-up online businesses too don’t account for fraud, like a traditional retailer would account for someone stealing – shoplifting – from their premises. I think that’s a big mistake that a lot of retailers make; online retailers need to understand that fraud is part of doing business online,” he says.

According to Mr Murtagh, while isolated instances of fraud surrounding the payment and delivery of goods may be lowcost, these losses can quickly add up across the industry.

“Because the fraudsters themselves are pretty clever – in that they won’t necessarily target one merchant, they will target many merchants at a time, so that they do fly under the radar – it’s definitely a bigger problem than a lot of people realise,” he says.

“There are just lots of little bits of fraud going on, which adds up to a big number at the end of the day, but nothing that’s probably newsworthy. The fact that I struggled to come up with a good story or the fact that [Neto hasn’t] had any merchant experience fraud to the level that it’s been devastating to their business is probably a testament to that.”

Mr Murtagh suggests that it can often be simple tactics employed by fraudsters that catch businesses off guard.

“In the past, we’ve had a number of merchants that have been the victim of a particular fraud whereby people purchase products through their online store to get delivered to an address, and then they will have fraudsters waiting at that address to receive the delivery,” he says.

“They will take delivery of the goods but it won’t actually be their address, and by the time the merchant has got the chargeback the goods are gone, and the merchant obviously wears that chargeback cost and the cost of the products. And those may have gone into the tens of thousands of dollars before the merchant’s actually become aware of it.”

What can be done?

While eliminating fraud altogether is virtually impossible, Mr Murtagh says there are ways of reducing the cost burden of fraudulent online purchases on small businesses.

“I wouldn’t say it’s difficult, because the tools are available; I think it’s just about being aware and making sure that you have a strategy to counter fraud,” he explains.

“It’s just being aware that fraud exists and having it [built] into your business plan, and applying common sense to every transaction that comes through: really looking at the transactions, and every single transaction, and going through a checklist, whether that’s automated or whether it requires human personnel to be involved.”

The tools Mr Murtagh refers to include MaxMind, which offers a range of IP intelligence and online fraud detection services, as well as those built into third-party retailing sites such eBay and payment service providers including PayPal.

“We have integrated a number of fraud prevention tools that sit as a layer on top of our payment facility itself,” he says.

“So for example, MaxMind is a fraud prevention tool that merchants can install or turn on in their Neto control panel, and MaxMind essentially provides a fraud score for every single transaction based on a number of factors. And based on that fraud score, the merchant can then determine whether they are going to process that sale and dispatch the product or whether they are just going to cancel the transaction altogether.

“Outside of fraud, especially with an e-commerce merchant’s website, [the payment facility still] needs to be secure. Neto, for example, delivers a PTI-compliant checkout experience that ensures that a website is secure, that it has got a security certificate installed so that a user’s information such as credit card data is secure – that it’s not stored at any point in the transaction, etc.”

Key points on payment security

The Australian Cybercrime Online Reporting Network (ACORN) has these tips for anyone selling goods or services online:

• Install security software from a verified provider and set it to update automatically.

• Offer clear terms and conditions.

• Always use and offer a secure payment method.

• Avoid bank transfers and direct debits.

• When using a selling platform, make sure it is trusted and reliable.

• Beware of scams, including by fake suppliers and customers.

• Independently confirm that payment has been made before supplying goods.

• Report online trading scams or suspicious activity to the relevant merchant site (if using a third-party sales site such as eBay) or directly to ACORN.